Slashdot Mirror


Sprint DSL's Security Hole Easy As 1,2,3,4

An Anonymous reader points to this Wired article, excerpting "Sprint officials acknowledged that remote access to the administrative software embedded in the ZyXel Prestige 642 and 645 modems is by default protected with a password of '1234.' But the company said users are responsible for securing the equipment, which stores login data, including the user's e-mail address and password." Wired found that more than 90% of the modems they polled were using that default password.

16 of 373 comments

  1. This is a surprise to everyone? by Dolemite_the_Wiz · · Score: 3, Informative

    This is Sprint, the ISP who doesn't do a thing about hackers originating from their domain.

    I don't know how many times in the past I've tracked hackers at work to Sprint's networks.

    Getting a reply or action from Sprint Security is non-existent. I guess it takes an article published in 'Wired' to get action from them.

    Sprint and Prodigy are renowned for not working with customers in addressing security issues.

    Dolemite
    _________________________________

    --
    Save the World! Use a Quote!
    1. Re:This is a surprise to everyone? by kyz · · Score: 2, Informative

      Can't you just use some "virtual servers" feature to forward ports 23, 69/udp and 80 to a box on the LAN side of the router/modem?

      Even though my AMX router actually has an "external access" tickbox, unticking it doesn't actually stop the router responding to http and ftp from the WAN side. So I configured it to forward those ports through to the LAN side and let my PC say "connection refused" instead.

      --
      Does my bum look big in this?
  2. They're not the first by Malc · · Score: 2, Informative

    When I signed up for US Worst's (now Qwest/MSN) DSL about four years ago, the Cisco 675 modem they were shipping came with a default password. You could telnet in to the modem from over the internet, reconfigure it so that the user couldn't connect to the web and then change the admin password so they couldn't fix it! >:) To make it even easier, all the DSL IPs had hostnames containing "dsl", so a simple DNS zone transfer saved having to scan for the modems/routers.

  3. Wasn't it Skoorb? by jerkychew · · Score: 2, Informative

    I always thought it was spelled Skoorb, which is Brooks (as in Mel) backwards...

    1. Re:Wasn't it Skoorb? by Anonymous Coward · · Score: 1, Informative

      It's spelled Skroob, but that's still an anagram.

  4. Pacific Bell by Leme · · Score: 3, Informative

    Has the same exact issue. All of the Cayman & Efficient routers are usually set up with the default password. Which, by a quick Google search, is easily obtainable.

    This only applies to business customers who ordered the router option instead of a bridge.

  5. Re:Home users by taliver · · Score: 5, Informative

    Not really a problem.

    Lots of switches and other equipment come with hardware passwords. When these are lost, you can call the company and get a password by reading off a serial number identifier off of the equipment. When you enter that password, the machine is reset and all information previously on it is gone.

    That would be good enough for most users in any event.

    --

    I demand a million helicopters and a DOLLAR!

  6. What Sprint Told Me by harlows_monkeys · · Score: 4, Informative

    I quickly found this problem on my Sprint DSL, and checked a few other addresses "near" mine to see if I had just overlooked something during setup where I was supposed to change the password, and found that most modems were wide open. I informed Sprint, and here was their response:

    Thank you for your recent e-mail. I appreciate the opportunity to address your inquiry.

    You have reached local password reset only. Please contact your local telephone company for further assistance.

    We appreciate your business. If we can be of further assistance concerning
    your Sprint service, please visit us at http://www.sprint.com, or you may email us at customer.servicenet@mail.sprint.com.


    Aside from the total lack of security by default, and their insistence on routing everything from the Seattle area through Fort Worth, which is 100ms away on Sprintlink, they have been pretty good. :-/

  7. Much ado about nothing by twixel · · Score: 2, Informative

    They don't mention that the telnet interface is by default only accessible from the inside of the network.

  8. Re:Not Sprint's fault... (RTFA) by Anonymous Coward · · Score: 5, Informative
    From the article:
    Tigges admitted that Sprint does not provide instructions for resetting the administrative password in the documentation provided to FastConnect customers.
    Now, whose fault isn't it again?
  9. Re:As I've always said by Artifex · · Score: 2, Informative
    The easiest security breaches are to be had via social engineering, such as human manipulation and simple password guesses such as the default password for a certain system.


    Some people are pretty opinionated about that, in fact.
    --
    Get off my launchpad!
  10. My ZyXEL 600 had this problem... by VValdo · · Score: 5, Informative

    First thing I did with my ZyXEL Prestige 600 is change that damned default password.

    To do this, at least on my 600:

    1. Telnet in (make sure you have vt100). On my LAN, the Zyxel is set at 192.168.1.1 -- I don't know how Sprint has it.
    2. Use the default 1234 password, and then hit return to log in.
    3. At the menu, type "23" and return. 23 is the option for the "System Password" page.
    4. Now type the old and new password (twice) using the TAB key to skip fields. Don't pick something obvious.
    5. Go down to where it says "Enter here to CONFIRM or ESC to CANCEL" and hit ENTER/RETURN to save your new password. (You may be asked to confirm that you want to do this.)
    6. When you get back to the main menu, exit your telnet session by typing "99".
    7. Try telnetting in again using 1234 and make sure it doesn't work. Now try to use your new password.
    8. Profit.

    I'm guessing that if these aren't the exact instructions for the later Prestiges, it'll be pretty close.

    Even better than changing passwords is to disable remote login from outside the local network. (I hear this is the default on new Prestige modems). Or, depending on how insecure your LAN is, you can assign particular IPs permission to get in and block all others. This is accomplished using a "filter", just like with a firewall.

    To block incoming telnet sessions on the WAN, check out this page. This page also offers a "probe" you can use to discover vulnerable modems.

    Finally, check this list for common default passwords. This is an important page, so check it for any equipment you might be using.

    W

    --
    -------------------
    This is my SIG. There are many like it, but this one is mine.
  11. Re:1234 by arkanes · · Score: 2, Informative

    I thought the Oracle one was scott/tiger. At least, that's what the Net8 tools try when you attempt to verify a connection...

  12. Re:Totally unprofessional by shepd · · Score: 2, Informative

    >Believe it or not, "polling" modems by checking their passwords is hacking

    And testing the doorknob on every store on your street is multiple sets of felony B & E, right?

    This is why the police wait for the burglar to actually _enter_ the house before charging them (well, actually, if they don't like the guy, they'll wait 'till he exits with an armload of swag), just like they wait for a hacker to _do_ something before charging them with a crime.

    If you don't want anyone testing your lock, don't have one in a place they can test it.

    --
    If you could be told what you can see or read, then it follows that you could be told what to say or think - BoC
  13. Re:Shit by mistered · · Score: 2, Informative
    Close... Here's the script. When I read the headline, I also thought of that scene in Spaceballs.

    --
    Enjoy your job, make lots of money, work within the law. Choose any two.
  14. Sprint Posted Instructions by BMcWilliams · · Score: 1, Informative

    Sprint posted at its DSL support site today some instructions on how to disable remote management in the ZyXel P645 modem. They are available in PDF here

    In a nutshell, they instruct you to use the unit's system management software to turn on some filters that block incoming port 80, 21, 23, and 69.
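
The filter approach described in the comments above (blocking incoming 21, 23, 80 and 69 on the WAN side), as an added example that is not part of any poster's comment or of Sprint's instructions: a small Python audit that reports which management services a filter list still leaves reachable, including the case where TFTP is filtered on TCP instead of UDP. The `Rule` format, first-match-wins evaluation and default-accept behaviour are assumptions for illustration, not the ZyXEL filter syntax.

```python
from dataclasses import dataclass

# Management services named in the thread: FTP 21/tcp, telnet 23/tcp,
# TFTP 69/udp, HTTP 80/tcp.
MGMT_SERVICES = {("tcp", 21): "ftp", ("tcp", 23): "telnet",
                 ("udp", 69): "tftp", ("tcp", 80): "http"}

@dataclass(frozen=True)
class Rule:                      # hypothetical rule format, not ZyXEL's
    action: str                  # "drop" or "accept"
    proto: str                   # "tcp", "udp" or "any"
    port_lo: int
    port_hi: int
    direction: str = "wan-in"    # only WAN-inbound rules protect the WAN side

def first_match(rules, proto, port):
    """Return the first WAN-inbound rule matching (proto, port), or None."""
    for r in rules:
        if r.direction != "wan-in":
            continue
        if r.proto in (proto, "any") and r.port_lo <= port <= r.port_hi:
            return r
    return None

def exposed_services(rules, default_action="accept"):
    """Management services still reachable from the WAN (first match wins)."""
    exposed = []
    for (proto, port), name in sorted(MGMT_SERVICES.items(),
                                      key=lambda kv: kv[0][1]):
        rule = first_match(rules, proto, port)
        action = rule.action if rule else default_action
        if action != "drop":
            exposed.append(f"{name} {port}/{proto}")
    return exposed

# Constructed sample filter sets.
# INCOMPLETE filters port 69 on TCP only, so TFTP (UDP) stays open.
INCOMPLETE = [Rule("drop", "tcp", 21, 23), Rule("drop", "tcp", 80, 80),
              Rule("drop", "tcp", 69, 69)]
COMPLETE = INCOMPLETE[:2] + [Rule("drop", "udp", 69, 69)]

if __name__ == "__main__":
    print("incomplete set leaves:", exposed_services(INCOMPLETE))
    print("complete set leaves:  ", exposed_services(COMPLETE))
```
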